Advisories » MGASA-2017-0269

Updated x11-server packages fix security vulnerabilities

Publication date: 15 Aug 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-2624, CVE-2017-10971, CVE-2017-10972

Description

Eric Sesterhenn discovered that the X.Org X server incorrectly compared
MIT cookies. An attacker could possibly use this issue to perform a
timing attack and recover the MIT cookie (CVE-2017-2624).

It was discovered that the X.Org X server incorrectly handled endianness
conversion of certain X events. An attacker able to connect to an X
server, either locally or remotely, could use this issue to crash the
server, or possibly execute arbitrary code as an administrator
(CVE-2017-10971).

It was discovered that the X.Org X server incorrectly handled endianness
conversion of certain X events. An attacker able to connect to an X
server, either locally or remotely, could use this issue to possibly
obtain sensitive information (CVE-2017-10972).

This update also fixes a use-after-free issue in an unused function in XDM
(boo#1025035).
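
The class of flaw behind CVE-2017-2624 described above, as an added example that is not taken from the advisory or from the X.Org source: an early-exit comparison does work that grows with the number of leading bytes that match, while a constant-time comparison does the same work for every input. The cookie value, the function names and the step counter (a stand-in for running time) are constructed for illustration, and it is an assumption that the flawed comparison returned at the first mismatching byte.

```c
#include <stdio.h>
#include <string.h>
#define COOKIE_LEN 16 /* MIT-MAGIC-COOKIE-1 carries a 128-bit value */

static const unsigned char cookie[COOKIE_LEN] = { /* constructed sample value */
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x48, 0xbd, 0x16,
    0x7f, 0x20, 0xc4, 0x9b, 0x65, 0xd8, 0x0e, 0xf3 };

/* Early-exit compare: returns at the first mismatch; *steps counts bytes examined. */
static int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps)
{
    size_t i;
    for (i = 0, *steps = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time compare: examines every byte and ORs the differences together. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps)
{
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    *steps = n;
    return diff == 0;
}

/* Compare the cookie with a guess first wrong at index first_bad (COOKIE_LEN = all correct). */
static int try_guess(int constant_time, size_t first_bad, size_t *steps)
{
    unsigned char guess[COOKIE_LEN];
    memcpy(guess, cookie, COOKIE_LEN);
    if (first_bad < COOKIE_LEN)
        guess[first_bad] ^= 0xff;
    return constant_time ? ct_equal(cookie, guess, COOKIE_LEN, steps)
                         : leaky_equal(cookie, guess, COOKIE_LEN, steps);
}

int main(void)
{
    size_t bad[] = { 0, 8, 15, COOKIE_LEN }, i, a, b;
    for (i = 0; i < sizeof bad / sizeof bad[0]; i++) {
        try_guess(0, bad[i], &a); try_guess(1, bad[i], &b);
        printf("first wrong byte %2zu: early-exit %2zu steps, constant-time %2zu steps\n", bad[i], a, b);
    }
    return 0;
}
```

With the constant-time form the step count is always COOKIE_LEN, so the duration of a rejected connection attempt says nothing about how much of the guess was right.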
                

References

SRPMS

5/core